US20050182926A1 - Information processing system - Google Patents

Information processing system Download PDF

Info

Publication number
US20050182926A1
US20050182926A1 US11/017,939 US1793904A US2005182926A1 US 20050182926 A1 US20050182926 A1 US 20050182926A1 US 1793904 A US1793904 A US 1793904A US 2005182926 A1 US2005182926 A1 US 2005182926A1
Authority
US
United States
Prior art keywords
server
tamper
client
resistant device
encryption
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
US11/017,939
Other versions
US7620822B2 (en
Inventor
Hideki Akashika
Tadashi Suzuki
Atsushi Miura
Jun Ogishima
Yoshiaki Hirano
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Sony Corp
Original Assignee
Sony Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Sony Corp filed Critical Sony Corp
Assigned to SONY CORPORATION reassignment SONY CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: AKASHIKA, HIDEKI, OGISHIMA, JUN, MIURA, ATSUSHI, HIRANO, YOSHIAKI, SUZUKI, TADASHI
Publication of US20050182926A1 publication Critical patent/US20050182926A1/en
Application granted granted Critical
Publication of US7620822B2 publication Critical patent/US7620822B2/en
Active legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/08Payment architectures
    • G06Q20/10Payment architectures specially adapted for electronic funds transfer [EFT] systems; specially adapted for home banking systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/382Payment protocols; Details thereof insuring higher security of transaction
    • G06Q20/3823Payment protocols; Details thereof insuring higher security of transaction combining multiple encryption tools for a transaction
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/38Payment protocols; Details thereof
    • G06Q20/40Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
    • G06Q20/409Device specific authentication in transaction processing
    • G06Q20/4097Device specific authentication in transaction processing using mutual authentication between devices and transaction partners
    • G06Q20/40975Device specific authentication in transaction processing using mutual authentication between devices and transaction partners using encryption therefor
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0873Details of the card reader
    • G07F7/088Details of the card reader the card reader being part of the point of sale [POS] terminal or electronic cash register [ECR] itself
    • G07F7/0886Details of the card reader the card reader being part of the point of sale [POS] terminal or electronic cash register [ECR] itself the card reader being portable for interacting with a POS or ECR in realizing a payment transaction

Definitions

  • the present invention relates to information processing systems, and more particularly, to an information processing system capable of controlling integrated circuit (IC) cards at a command level.
  • IC integrated circuit
  • a user can purchase an item in an actual shop or on an Internet shopping site by placing the user's credit card on a reader/writer connected to a personal computer or by accessing the Internet shopping site using a cellular telephone containing an IC chip having a credit card function (see Japanese Unexamined Patent Application Publication No. 2002-374570). Payment processing for this purchase is performed in accordance with a response by an IC card to an instruction from a server (for example, a content server) that manages payment information.
  • a server for example, a content server
  • Information transferred between the content server and the IC card is private information, such as a purchase amount, balance information registered on the IC card, and the like. Thus, such information must be encrypted. Therefore, the contents of requests to the IC card and information sent from the IC card in accordance with the requests are encrypted.
  • a server apparatus in an information processing system communicating with a client apparatus including a client device and a client tamper-resistant device, includes a server tamper-resistant device and a server device.
  • the server tamper-resistant device includes an encryption unit for encrypting information corresponding to a request from the server device in accordance with key information managed by the server tamper-resistant device and by the client tamper-resistant device and generating a first encryption signal; and a decryption unit for decrypting a second encryption signal encrypted by the client tamper-resistant device in accordance with the key information.
  • the server device includes a communication unit for performing communication with the client device, the communication not requiring encryption based on the key information; a requesting unit for requesting the server tamper-resistant device for encryption based on the key information when the server device performs communication with the client device, the communication requiring encryption based on the key information; and a processing unit for performing processing corresponding to a signal decrypted by the decryption unit of the server tamper-resistant device.
  • a client apparatus in an information processing system communicating with a server apparatus including a server tamper-resistant device and a server device, includes a client device and a client tamper-resistant device.
  • the client device includes a communication unit for performing communication with the server device, the communication not requiring encryption based on key information managed by the server tamper-resistant device and by the client tamper-resistant device.
  • the client tamper-resistant device includes a decryption unit for decrypting a first encryption signal encrypted by the server tamper-resistant device in accordance with the key information; and an encryption unit for encrypting information corresponding to a decryption result of the first encryption signal in accordance with the key information and generating a second encryption signal.
  • an information processing system includes a server apparatus and a client apparatus.
  • the server apparatus includes a server tamper-resistant device and a server device.
  • the client apparatus includes a client device and a client tamper-resistant device.
  • the server tamper-resistant device includes a first encryption unit for encrypting information corresponding to a request from the server device in accordance with key information managed by the server tamper-resistant device and by the client tamper-resistant device and generating a first encryption signal; and a first decryption unit for decrypting a second encryption signal encrypted by the client tamper-resistant device in accordance with the key information.
  • the server device includes a first communication unit for performing communication with the client device, the communication not requiring encryption based on the key information; a requesting unit for requesting the server tamper-resistant device for encryption based on the key information when the server device performs communication with the client device, the communication requiring encryption based on the key information; and a processing unit for performing processing corresponding to a signal decrypted by the decryption unit of the server tamper-resistant device.
  • the client device includes a second communication unit for performing communication with the server device, the communication not requiring encryption based on the key information.
  • the client tamper-resistant device includes a second decryption unit for decrypting the first encryption signal encrypted by the first encryption unit of the server tamper-resistant device; and a second encryption unit for encrypting information corresponding to a decryption result of the first encryption signal in accordance with the key information and generating a second encryption signal.
  • a server tamper-resistant device can perform encryption processing at a command level, and processing can be instructed to a client tamper-resistant device safely and flexibly.
  • FIG. 1 shows an example of the structure of a content providing system according to the present invention
  • FIG. 2 is a block diagram showing an example of the structure of a cellular telephone shown in FIG. 1 ;
  • FIG. 3 is a block diagram showing an example of the functional structure of the cellular telephone shown in FIG. 1 ;
  • FIG. 4 is a block diagram showing an example of the structure of a content server shown in FIG. 1 ;
  • FIG. 5 is a block diagram showing an example of the functional structure of the content server shown in FIG. 1 ;
  • FIG. 6 is a flowchart showing a process performed by the content providing system shown in FIG. 1 ;
  • FIG. 7 is a flowchart showing another process performed by the content providing system shown in FIG. 1 ;
  • FIG. 8 is a flowchart showing another process performed by the content providing system shown in FIG. 1 ;
  • FIG. 9 is a flowchart showing another process performed by the content providing system shown in FIG. 1 ;
  • FIG. 10 shows another example of the structure of the content providing system according to the preset invention.
  • FIG. 11 shows another example of the structure of the content providing system according to the present invention.
  • a server apparatus in an information processing system the server apparatus communicating with a client apparatus including a client device and a client tamper-resistant device, includes a server tamper-resistant device and a server device.
  • the server tamper-resistant device includes an encryption unit (for example, a secure application module (SAM) 7 in FIG. 1 for performing processing in step S 51 in FIG. 6 ) for encrypting information corresponding to a request from the server device in accordance with key information managed by the server tamper-resistant device and by the client tamper-resistant device and generating a first encryption signal; and a decryption unit (for example, the SAM 7 in FIG. 1 for performing processing in step S 53 in FIG.
  • SAM secure application module
  • the server device includes a communication unit (for example, a hypertext transfer protocol (HTTP) server 181 in FIG. 5 ) for performing communication with the client device, the communication not requiring encryption based on the key information; a requesting unit (for example, an application program 183 in FIG. 5 for performing processing in step S 31 in FIG. 6 ) for requesting the server tamper-resistant device for encryption based on the key information when the server device performs communication with the client device, the communication requiring encryption based on the key information; and a processing unit (for example, the application program 183 in FIG. 5 for performing processing in step S 40 in FIG. 6 ) for performing processing corresponding to a signal decrypted by the decryption unit of the server tamper-resistant device.
  • HTTP hypertext transfer protocol
  • the requesting unit of the server device can send a predetermined request to the server tamper-resistant device in accordance with a set order.
  • the encryption unit of the server tamper-resistant device can generate one or more commands in accordance with the request from the requesting unit, and can encrypt the generated commands (for example, step S 51 in FIG. 6 or step S 181 in FIG. 8 ).
  • the encrypted plurality of commands can be provided to the client tamper-resistant device in a predetermined order (for example, steps S 164 and S 165 in FIG. 8 ).
  • the encrypted plurality of commands can be simultaneously supplied to the client device (for example, step S 174 in FIG. 8 ).
  • the server tamper-resistant device and the server device can be integrated with each other.
  • a client apparatus in an information processing system communicating with a server apparatus including a server tamper-resistant device and a server device, includes a client device and a client tamper-resistant device.
  • the client device includes a communication unit (for example, a communication controller 91 in FIG. 3 ) for performing communication with the server device, the communication not requiring encryption based on key information managed by the server tamper-resistant device and by the client tamper-resistant device.
  • the client tamper-resistant device includes a decryption unit (for example, a contactless integrated circuit (IC) card controller 111 in FIG. 3 for performing processing in step S 11 in FIG.
  • IC contactless integrated circuit
  • an encryption unit for example, the contactless IC card controller 111 in FIG. 3 for performing processing in step S 12 in FIG. 6 ) for encrypting information corresponding to a decryption result of the first encryption signal in accordance with the key information and generating a second encryption signal.
  • the communication unit of the client device can be a browser.
  • the client tamper-resistant device and the client device can be integrated with each other.
  • the client tamper-resistant device, the client device, and the browser can be integrated with each other.
  • an information processing system includes a server apparatus and a client apparatus.
  • the server apparatus includes a server tamper-resistant device and a server device.
  • the client apparatus includes a client device and a client tamper-resistant device.
  • the server tamper-resistant device includes a first encryption unit (for example, the SAM 7 in FIG. 1 for performing the processing in step S 51 in FIG. 6 ) for encrypting information corresponding to a request from the server device in accordance with key information managed by the server tamper-resistant device and by the client tamper-resistant device and generating a first encryption signal; and a first decryption unit (for example, the SAM 7 in FIG. 1 for performing the processing in step S 53 in FIG.
  • a first encryption unit for example, the SAM 7 in FIG. 1 for performing the processing in step S 53 in FIG.
  • the server device includes a first communication unit (for example, the HTTP server 181 in FIG. 5 ) for performing communication with the client device, the communication not requiring encryption based on the key information; a requesting unit (for example, the application program 183 in FIG. 5 for performing the processing in step S 31 in FIG. 6 ) for requesting the server tamper-resistant device for encryption based on the key information when the server device performs communication with the client device, the communication requiring encryption based on the key information; and a processing unit (for example, the application program 183 in FIG. 5 for performing the processing in step S 40 in FIG.
  • a first communication unit for example, the HTTP server 181 in FIG. 5
  • a requesting unit for example, the application program 183 in FIG. 5 for performing the processing in step S 31 in FIG. 6
  • a processing unit for example, the application program 183 in FIG. 5 for performing the processing in step S 40 in FIG.
  • the client device includes a second communication unit (for example, the communication controller 91 in FIG. 3 ) for performing communication with the server device, the communication not requiring encryption based on the key information.
  • the client tamper-resistant device includes a second decryption unit (for example, the contactless IC card controller 111 in FIG. 3 for performing the processing in step S 11 in FIG. 6 ) for decrypting the first encryption signal encrypted by the first encryption unit of the server tamper-resistant device; and a second encryption unit (for example, the contactless IC card controller 111 in FIG. 3 for performing the processing in step S 12 in FIG. 6 ) for encrypting information corresponding to a decryption result of the first encryption signal in accordance with the key information and generating a second encryption signal.
  • a second decryption unit for example, the contactless IC card controller 111 in FIG. 3 for performing the processing in step S 11 in FIG. 6
  • a second encryption unit for example, the contactless IC card controller 111 in FIG
  • FIG. 1 shows an example of the structure of a content providing system according to the present invention.
  • a cellular telephone 1 functions as a client device of the content providing system.
  • the cellular telephone 1 includes a contactless IC card reader/writer chip 2 (hereinafter, referred to as an IC card chip 2 ) that implements both a function as a contactless IC card for an external reader/writer and a function as a reader/writer for an external contactless IC card.
  • IC card chip 2 a contactless IC card reader/writer chip 2
  • the cellular telephone 1 (more specifically, the IC card chip 2 ) provides information, such as a credit card number and an expiration date, stored in a memory of the IC card chip 2 to a reader/writer by using the function of a contactless IC card. Also, the cellular telephone 1 (more specifically, the IC card chip 2 ) performs contactless communication with an external contactless IC card to read various types of information stored in a memory of the external contactless IC card and to write information to the external contactless IC card.
  • a user uses the cellular telephone 1 as a so-called “child card” of the user's credit card.
  • the user can make a payment for a purchased item or a contract service by using the cellular telephone 1 .
  • the cellular telephone 1 is capable of communicating with other telephones via a base station 3 and is capable of directly accessing a content server 5 via the base station 3 and a network (for example, the Internet) 4 .
  • a network for example, the Internet
  • the user can purchase items and the like from the content server 5 (or a shopping site) by sending an ID and money information set in the IC card chip 2 to the content server 5 .
  • the IC card chip 2 performs payment processing in response to item purchase in accordance with a command generated and encrypted by a secure application module (SAM) 7 .
  • SAM secure application module
  • the IC card chip 2 decrypts an encrypted command, and reads information (for example, card information including a card number, an expiration date, a user's name, and a balance) corresponding to the command.
  • the IC card chip 2 appropriately encrypts the read information in accordance with key information managed together with the SAM 7 , and supplies the encrypted information to the SAM 7 via the cellular telephone 1 .
  • the IC card chip 2 performs short-distance communication with an external reader/writer via an antenna included in the IC card chip 2 .
  • the IC card chip 2 functions as a tamper-resistant device for the client device (the cellular telephone 1 ) in this system.
  • information encrypted by the IC card chip 2 is supplied to the SAM 7 via the cellular telephone 1 to a network 6
  • the encrypted information may be supplied to the SAM 7 via some parts of the cellular telephone 1 to the network 6 or supplied directly to the SAM 7 .
  • the content server 5 uses an ID of the IC card chip 2 and the user's card information, which are registered in advance in association with each other, to send, for example, card information, money information, and the like corresponding to the ID sent from the cellular telephone 1 to a card company (not shown), so that billing processing is performed.
  • the SAM 7 is connected to the content server 5 via the network 6 .
  • the SAM 7 generates an authentication command for controlling the IC card chip 2 , a read command for reading information stored in a memory of the IC card chip 2 , and a write command for writing information into the memory, in accordance with requests from the content server 5 .
  • the SAM 7 appropriately encrypts the generated commands in accordance with key information managed together with the IC card chip 2 , and supplies the encrypted commands to the IC card chip 2 via the content server 5 .
  • the SAM 7 functions as a tamper-resistant device for the server device (the content server 5 ).
  • the server device the content server 5
  • the encrypted information may be supplied to the IC card chip 2 via some parts of the cellular telephone 1 to the network 6 or supplied directly to the IC card chip 2 .
  • FIG. 2 is a block diagram showing an example of the structure of the cellular telephone 1 shown in FIG. 1 .
  • a central processing unit (CPU) 68 loads a control program stored in a read-only memory (ROM) 69 into a random-access memory (RAM) 70 , and controls the entire operation of the cellular telephone 1 in accordance with the control program.
  • ROM read-only memory
  • RAM random-access memory
  • the CPU 68 controls a digital signal processor (DSP) 64 in accordance with a user instruction, and transfers various types of information, such as voice information, to and from the base station 3 . Also, the CPU 68 controls the IC card chip 2 to perform, for example, short-distance radio communication with an adjacent reader/writer (not shown) by using electromagnetic induction.
  • DSP digital signal processor
  • a sending unit 62 When receiving voice information supplied from the DSP 64 , a sending unit 62 performs predetermined processing, such as digital-to-analog conversion and frequency conversion, and sends an obtained voice signal from an antenna 61 using a radio channel having a predetermined sending carrier frequency selected by the base station 3 .
  • predetermined processing such as digital-to-analog conversion and frequency conversion
  • a receiving unit 63 amplifies an RF signal received at the antenna 61 to perform predetermined processing, such as frequency conversion and analog-to-digital conversion, and outputs obtained voice information to the DSP 64 .
  • the DSP 64 performs, for example, spectrum de-spreading on voice information supplied from the receiving unit 63 , and outputs the obtained data to a voice-processing unit 65 . Also, the DSP 64 performs spectrum spreading on voice information supplied from the voice-processing unit 65 , and outputs the obtained data to the sending unit 62 .
  • the voice-processing unit 65 converts the user's voices collected at a microphone 67 into voice information, and outputs the voice information to the DSP 64 . Also, the voice-processing unit 65 converts voice information supplied from the DSP 64 into an analog voice signal, and outputs a corresponding voice signal from a speaker 66 .
  • a display unit 71 includes a liquid crystal display (LCD). In accordance with information supplied from the CPU 68 , the display unit 71 displays a corresponding screen.
  • An input unit 72 detects the user's input using buttons, such as a numeric keypad, a talk button, or a power button, arranged on a surface of the cellular telephone 1 , and outputs a corresponding signal to the CPU 68 .
  • FIG. 3 is a block diagram showing an example of the functional structure of the cellular telephone 1 and the IC card chip 2 .
  • a function section 81 is realized by executing a predetermined program on the CPU 68 .
  • a communication controller 91 controls the sending unit 62 and the receiving unit 63 , and controls hypertext transfer protocol (HTTP) communication using the secure sockets layer (SSL) performed via the base station 3 and the network 4 .
  • HTTP hypertext transfer protocol
  • a secure client 92 is realized by executing a mobile credit application provided by a card information management company (or downloaded from a server managed by a card information management company).
  • the secure client 92 controls communication with a secure server 182 (in FIG. 5 ) of the content server 5 in accordance with a predetermined protocol based on HTTP communication performed by the communication controller 91 . More specifically, the secure client 92 receives an encrypted command sent from the SAM 7 , supplies the encrypted command to the IC card chip 2 , and sends information encrypted by the IC card chip 2 to the SAM 7 via the content server 5 .
  • a display controller 93 is realized by performing a predetermined display program.
  • the display controller 93 controls the display of the display unit 71 .
  • the display controller 93 displays a usage history of the card information.
  • a chip control section 101 is realized by executing a predetermined program on a CPU (not shown) of the IC card chip 2 .
  • a contactless IC card controller 111 implements a contactless IC card function.
  • the contactless IC card controller 111 interprets requests, received via a communication controller 114 , from an external reader/writer or commands from the SAM 7 , and controls a memory manager 113 and the communication controller 114 .
  • a reader/writer controller 112 implements a contactless IC card reader/writer function, and manages data stored in an external contactless IC card by controlling the communication controller 114 .
  • the memory manager 113 reads information stored in a memory 102 to supply the information to the contactless IC card controller 111 , and controls writing of the information to a predetermined area of the memory 102 .
  • the communication controller 114 controls a load of the antenna 103 in accordance with an instruction from the contactless IC card controller 111 or the reader/writer controller 112 , and controls short-distance communication with an external reader/writer.
  • FIG. 4 is a block diagram showing an example of the structure of the content server 5 shown in FIG. 1 .
  • a CPU 141 performs various types of processing in accordance with a program stored in a ROM 142 or a program loaded from a storage unit 148 into a RAM 143 .
  • the RAM 143 also appropriately stores data and the like necessary for performing various types of processing by the CPU 141 .
  • the CPU 141 , the ROM 142 , and the RAM 143 are connected to each other via a bus 144 .
  • the bus 144 is also connected to an input/output interface 145 .
  • the input/output interface 145 is connected to an input unit 146 including a numeric keypad, used when money information is input, and a bar code reader; an output unit including a display, such as an LCD; a storage unit 148 including a hard disk; and a communication unit 149 performing communication via the networks 4 and 6 .
  • a drive 151 is connected to the input/output interface 145 as necessary, so that a magnetic disk 152 , an optical disk 153 , a magnetic optical disk 154 , or a semiconductor memory 155 is appropriately installed.
  • a computer program read via the drive 151 is installed in the storage unit 148 as necessary.
  • FIG. 5 shows an example of the functional structure of the part of the content server 5 relating to the present invention.
  • a communication controller 171 is realized by executing a predetermined program on the CPU 141 .
  • An HTTP server 181 establishes HTTP communication, using SSL, with the cellular telephone 1 to transfer various types of information.
  • the HTTP server 181 refers to information stored in a database 172 , and performs user authentication in accordance with a password and an ID sent from the cellular telephone 1 .
  • a secure server 182 performs communication with the secure client 92 realized in the cellular telephone 1 in accordance with a predetermined protocol based on HTTP communication. After the secure server 182 establishes communication, the SAM 7 can read and write information from and to the IC card chip 2 .
  • An application program 183 is a program built by an administrator of the content server 5 , and requires the SAM 7 to generate a command.
  • Information on a credit service that is subscribed to by the user and that is reported from a server or the like of a card company is stored in the database 172 .
  • information, such as a card number and an expiration date, of a credit card issued by a credit service subscribed to by the user of the cellular telephone 1 is registered in the database 172 so as to be associated with a password and an ID.
  • step S 21 the communication controller 91 of the cellular telephone 1 sends a signal indicating an item (an item to be purchased) designated by a user operation on a screen of a shopping site displayed on the display unit and the price of the item to the content server 5 via the base station 3 and the network 4 in accordance with HTTP communication using SSL.
  • processing in step S 21 is the first processing in order to simplify the explanation, processing for displaying the screen of the shopping site on the display unit 71 of the cellular telephone 1 and processing for urging a user to designate a desired item are actually performed in the previous stage between the cellular telephone 1 and the content server 5 .
  • the application program 183 of the content server 5 After receiving the signal indicating the item and price sent from the cellular telephone 1 , the application program 183 of the content server 5 requires the SAM 7 to read a balance of the IC card chip 2 in step S 31 .
  • the SAM 7 After receiving the request to read the balance of the IC card chip 2 from the content server 5 , the SAM 7 generates and encrypts a read command in step S 51 . Then, in step S 52 , the SAM 7 sends the encrypted read command to the content server 5 via the network 6 .
  • step S 32 the secure server 182 of the content server 5 sends the encrypted read command received from the SAM 7 to the cellular telephone 1 .
  • step S 22 the secure client 92 of the cellular telephone 1 supplies the encrypted read command to the IC card chip 2 .
  • step S 11 the contactless IC card controller 111 of the IC card chip 2 decrypts the encrypted read command supplied from the cellular telephone 1 .
  • step S 12 the contactless IC card controller 111 controls the memory manager 113 to read the balance from the memory 102 , and encrypts the balance.
  • step S 13 the contactless IC card controller 111 supplies a signal indicating the encrypted balance to the cellular telephone 1 .
  • step S 23 the secure client 92 of the cellular telephone 1 sends the signal indicating the encrypted balance received from the IC card chip 2 to the content server 5 .
  • step S 33 the secure server 182 of the content server 5 sends the signal indicating the encrypted balance to the SAM 7 .
  • the SAM 7 After receiving the signal indicating the encrypted balance sent from the content server 5 , the SAM 7 decrypts the signal indicating the encrypted balance in step S 53 . Then, in step S 54 , the SAM 7 sends a signal indicating the decrypted balance to the content server 5 .
  • the secure server 182 of the content server 5 After receiving the signal indicating the balance sent from the SAM 7 , the secure server 182 of the content server 5 compares the balance indicated by the signal and the price of the item to be purchased, and determines whether or not the balance is larger than or equal to the price (that is, whether the balance is sufficient to purchase the item) in step S 34 . Here, it is assumed that a sufficient balance is left. Then, in step S 35 , the secure server 182 of the content server 5 requires the cellular telephone 1 to confirm the purchase.
  • the display controller 93 of the cellular telephone 1 urges the user to confirm purchase of the item by, for example, displaying the request on the display unit 71 in step S 24 .
  • the communication controller 91 sends a signal indicating that the purchase is confirmed (purchase confirmed signal) to the content server 5 .
  • the secure server 182 of the content server 5 After receiving the purchase confirmed signal sent from the cellular telephone 1 , the secure server 182 of the content server 5 subtracts the price (amount of payment) from the balance in step S 36 . Then, in step S 37 , the application program 183 requires the SAM 7 to write a subtracted balance (update the balance).
  • the SAM 7 After receiving the write request from the content server 5 , the SAM 7 generates and encrypts a write command in step S 55 . Then, in step S 56 , the SAM 7 sends the encrypted write command to the content server 5 .
  • step S 38 the secure server 182 of the content server 5 sends the encrypted write command sent from the SAM 7 to the cellular telephone 1 .
  • step S 26 the secure client 92 of the cellular telephone 1 supplies the encrypted write command to the IC card chip 2 .
  • the contactless IC card controller 111 of the IC card chip 2 After receiving the encrypted write command from the cellular telephone 1 , the contactless IC card controller 111 of the IC card chip 2 decrypts the encrypted write command in step S 14 . Then, in step S 15 , as a decryption result, the contactless IC card controller 111 of the IC card chip 2 controls the memory manager 113 to change the balance stored in the memory 102 (overwrites with a new balance).
  • step S 16 the contactless IC card controller 111 of the IC card chip 2 sends an encrypted signal indicating that the writing is completed (a write-complete signal) to the cellular telephone 1 .
  • the encrypted write-complete signal sent from the IC card chip 2 to the cellular telephone 1 is sent to the SAM 7 via the cellular telephone 1 (step S 27 ) and the content server 5 (step S 39 ).
  • step S 57 the SAM 7 decrypts the encrypted write-complete signal sent from the content server 5 .
  • step S 58 the SAM 7 sends the write-complete signal to the content server 5 .
  • step S 40 the content server 5 performs predetermined processing, such as reporting that a payment is completed to the cellular telephone 1 .
  • the application program 183 of the content server 5 requires generation of commands one by one, and the SAM 7 generates and encrypts a command in accordance with the request.
  • the application program 183 of the content server 5 can control the IC card chip 2 at a command level.
  • an administrator of the content server 5 is able to set a desired command to be sent to the IC card chip 2 in a predetermined order using the application program 183 .
  • a service can be freely configured.
  • the SAM 7 may generate a plurality of commands in response to a request from the content server 5 .
  • step S 71 the communication controller 91 of the cellular telephone 1 sends, for example, a signal indicating an item (an item to be purchased) designated by a user operation on a screen of a shopping site displayed on the display unit 71 and indicating the price of the item to the content server 5 via the base station 3 and the network 4 , as in step S 21 in FIG. 6 .
  • the secure server 182 of the content server 5 After receiving the signal indicating the item and price sent from the cellular telephone 1 , the secure server 182 of the content server 5 reads the item indicated by the signal from the database, 172 in step S 81 , and sends the item to the cellular telephone 1 in step S 82 . In step S 72 , the communication controller 91 of the cellular telephone 1 receives the item sent from the content server 5 .
  • step S 83 the application program 183 of the content server 5 requires the SAM 7 to update the balance of the IC card chip 2 .
  • the SAM 7 After receiving the request to update the balance of the IC card chip 2 from the content server 5 , the SAM 7 generates and encrypts a read command in step S 101 . Then, in step S 102 , the SAM 7 sends the encrypted read command to the content server 5 via the network 6 .
  • step S 84 the secure server 182 of the content server 5 sends the encrypted read command sent from the SAM 7 to the cellular telephone 1 .
  • step S 73 the secure client 92 of the cellular telephone 1 supplies the encrypted read command to the IC card chip 2 .
  • step S 61 the contactless IC card controller 111 of the IC card chip 2 decrypts the encrypted read command supplied from the cellular telephone 1 .
  • step S 62 the contactless IC card controller 111 of the IC card chip 2 controls the memory manager 113 to read the balance from the memory 102 , and encrypts the balance.
  • step S 63 the contactless IC card controller 111 supplies a signal indicating the encrypted balance to the cellular telephone 1 .
  • step S 74 the secure client 92 of the cellular telephone 1 sends the signal indicating the encrypted balance sent from the IC card chip 2 to the content server 5 .
  • step S 85 the secure server 182 of the content server 5 sends the signal indicating the encrypted balance to the SAM 7 .
  • the SAM 7 After receiving the signal indicating the encrypted balance sent from the content server 5 , the SAM 7 decrypts the signal in step S 103 . Then, in step S 104 , the SAM 7 sends a signal indicating the decrypted balance to the content server 5 .
  • the secure server 182 of the content server 5 After receiving the signal indicating the balance sent from the SAM 7 , the secure server 182 of the content server 5 subtracts the price for purchase (payment) from the balance in step S 86 . Then, in step S 87 , the secure server 182 of the content server 5 sends a balance obtained by the subtraction to the SAM 7 .
  • the SAM 7 After receiving the balance from the content server 5 , the SAM 7 generates and encrypts a write command in step S 105 . Then, in step S 106 , the SAM 7 sends the encrypted write command to the content server 5 .
  • steps S 107 to S 108 steps S 88 to S 90 , steps S 75 to S 76 , and steps S 64 to S 66 , processing similar to that in steps S 57 to S 58 , steps S 38 to S 40 , steps S 26 to S 27 , and steps S 14 to S 16 in FIG. 6 is performed. Thus, explanations for these steps are omitted here.
  • a plurality of commands (read command (step S 101 ) and a write command (step S 105 )) is generated.
  • each command generated by the SAM 7 is sent to the IC card chip 2
  • a plurality of commands may be sent at the same time.
  • a process performed in a case where a plurality of commands is sent simultaneously is described next with reference to a flowchart shown in FIG. 8 .
  • steps S 161 to S 162 and steps S 171 to S 173 processing similar to that in steps S 71 to S 72 and steps S 81 to S 83 in FIG. 7 is performed. Thus, explanations for these steps are omitted here.
  • the SAM 7 After receiving a request to update the balance of the IC card chip 2 from the content server 5 , the SAM 7 generates and encrypts a read command and a write command in step S 181 . Then, in step S 182 , the SAM 7 sends the read command and the write command to the content server 5 via the network 6 .
  • step S 174 the secure server 182 of the content server 5 sends the encrypted read and write commands sent from the SAM 7 to the cellular telephone 1 .
  • step S 163 the secure client 92 of the cellular telephone 1 receives the encrypted read and write commands.
  • step S 164 the secure client 92 of the cellular telephone 1 supplies the encrypted read command to the IC card chip 2 .
  • step S 151 the contactless IC card controller 111 of the IC card chip 2 decrypts the encrypted read command supplied from the cellular telephone 1 .
  • step S 152 the contactless IC card controller 111 of the IC card chip 2 controls the memory manager 113 to read the balance from the memory 102 , and encrypts the balance.
  • step S 153 the contactless IC card controller 111 supplies a signal indicating the encrypted balance to the cellular telephone 1 .
  • the secure client 92 of the cellular telephone 1 After receiving the signal indicating the encrypted balance sent from the IC card chip 2 , the secure client 92 of the cellular telephone 1 sends the encrypted write command to the IC card chip 2 in step S 165 .
  • step S 154 the contactless IC card controller 111 of the IC card chip 2 decrypts the encrypted write command supplied from the cellular telephone 1 .
  • step S 155 the contactless IC card controller 111 of the IC card chip 2 controls the memory manager 113 to change the balance stored in the memory 102 (to overwrite with a new balance).
  • steps S 156 , S 166 , S 175 , S 176 , S 183 , and S 184 processing similar to that in steps S 66 , S 76 , S 89 , S 90 , S 107 , and S 108 in FIG. 7 is performed. Thus, explanations for these steps are omitted here.
  • steps S 211 to S 212 steps S 221 to S 223 , and steps S 231 to S 232 , processing similar to that in steps S 71 to S 72 , steps S 81 to S 83 , and steps S 101 to S 102 in FIG. 7 is performed. Thus, explanations for these steps are omitted here.
  • step S 224 the secure server 182 of the content server 5 sends encrypted read and write commands sent from the SAM 7 and a command (a non-encrypted command) for generating a predetermined sound when billing is completed (hereinafter, referred to as a playback sound command) to the cellular telephone 1 .
  • step S 213 the cellular telephone 1 receives the encrypted read and write commands and the playback sound command.
  • step S 214 the secure client 92 of the cellular telephone 1 supplies the encrypted read command to the IC card chip 2 .
  • steps S 201 to S 206 processing similar to that in steps S 61 to S 66 in FIG. 7 is performed. Thus, explanations for these steps are omitted here.
  • the CPU 68 of the cellular telephone 1 controls the DSP 64 to output a sound corresponding to the playback sound command from the speaker 66 in step S 216 .
  • steps S 217 , S 225 , S 226 , S 233 , and S 234 processing similar to that in steps S 76 , S 89 , S 90 , S 107 , and S 108 in FIG. 7 is performed. Thus, explanations for these steps are omitted here.
  • a personal computer 202 connected to a reader/writer 201 may be used, as shown in FIG. 10 .
  • a server side is capable of controlling the IC card chip 2 via the reader/writer 201 and the personal computer 202 , as described above.
  • the personal computer 202 may include a browser. Communication of data other than encrypted information may be performed using the browser.
  • a content providing system may include a plurality of content servers 5 - 1 , 5 - 2 , and so on; a plurality of SAMs 7 - 1 , 7 - 2 , and so on; a load distributor 252 distributing communication to the corresponding content servers 5 - 1 , 5 - 2 , and so on in accordance with a load of the corresponding content servers 5 - 1 , 5 - 2 , and so on; a load distributor 253 distributing communication in accordance with a load of the corresponding SAMs 7 - 1 , 7 - 2 , and so on; a firewall 251 ; and the like.
  • an IC card means a contactless IC card containing an IC chip including a radio communication unit, a data transfer unit, and a data processing unit, a contact IC card having a terminal on a surface thereof, or an apparatus including an IC chip contained in an information communication terminal, such as a cellular telephone, the IC chip having a function similar to a contact or contactless IC card.

Landscapes

  • Business, Economics & Management (AREA)
  • Engineering & Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Finance (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Development Economics (AREA)
  • Economics (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Storage Device Security (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)

Abstract

An IC card chip performs payment processing in response to item purchase in accordance with a command generated and encrypted by a secure application module. The IC card chip decrypts the encrypted command, and reads information corresponding to the command. The IC card chip appropriately encrypts the read information in accordance with key information managed together with the secure application module, and sends the encrypted information to the secure application module via a cellular telephone or the like. The secure application module generates a command for controlling the IC card chip of the cellular telephone in accordance with a request from a content server. The secure application module appropriately encrypts the generated command in accordance with the key information managed together with the IC card chip, and supplies the encrypted command to the IC card chip. The IC card chip operates in accordance with the supplied command.

Description

    BACKGROUND OF THE INVENTION
  • 1. Field of the Invention
  • The present invention relates to information processing systems, and more particularly, to an information processing system capable of controlling integrated circuit (IC) cards at a command level.
  • 2. Description of the Related Art
  • In recent years, credit cards containing IC chips have become widely used for payment in electronic business transactions performed on the Internet.
  • In this case, for example, a user can purchase an item in an actual shop or on an Internet shopping site by placing the user's credit card on a reader/writer connected to a personal computer or by accessing the Internet shopping site using a cellular telephone containing an IC chip having a credit card function (see Japanese Unexamined Patent Application Publication No. 2002-374570). Payment processing for this purchase is performed in accordance with a response by an IC card to an instruction from a server (for example, a content server) that manages payment information.
  • Information transferred between the content server and the IC card is private information, such as a purchase amount, balance information registered on the IC card, and the like. Thus, such information must be encrypted. Therefore, the contents of requests to the IC card and information sent from the IC card in accordance with the requests are encrypted.
  • However, instructions to IC cards have not been set at a command level, such as a read command or a write command. As a result, for example, providers that provide services using IC cards have not been able to increase the efficiency in communication nor the efficiency in server processing.
    • SUMMARY OF THE INVENTION
  • Accordingly, it is an object of the present invention to be able to send a request to an IC card at a command level.
  • According to an aspect of the present invention, a server apparatus in an information processing system, the server apparatus communicating with a client apparatus including a client device and a client tamper-resistant device, includes a server tamper-resistant device and a server device. The server tamper-resistant device includes an encryption unit for encrypting information corresponding to a request from the server device in accordance with key information managed by the server tamper-resistant device and by the client tamper-resistant device and generating a first encryption signal; and a decryption unit for decrypting a second encryption signal encrypted by the client tamper-resistant device in accordance with the key information. The server device includes a communication unit for performing communication with the client device, the communication not requiring encryption based on the key information; a requesting unit for requesting the server tamper-resistant device for encryption based on the key information when the server device performs communication with the client device, the communication requiring encryption based on the key information; and a processing unit for performing processing corresponding to a signal decrypted by the decryption unit of the server tamper-resistant device.
  • According to another aspect of the present invention, a client apparatus in an information processing system, the client apparatus communicating with a server apparatus including a server tamper-resistant device and a server device, includes a client device and a client tamper-resistant device. The client device includes a communication unit for performing communication with the server device, the communication not requiring encryption based on key information managed by the server tamper-resistant device and by the client tamper-resistant device. The client tamper-resistant device includes a decryption unit for decrypting a first encryption signal encrypted by the server tamper-resistant device in accordance with the key information; and an encryption unit for encrypting information corresponding to a decryption result of the first encryption signal in accordance with the key information and generating a second encryption signal.
  • According to another aspect of the present invention, an information processing system includes a server apparatus and a client apparatus. The server apparatus includes a server tamper-resistant device and a server device. The client apparatus includes a client device and a client tamper-resistant device. The server tamper-resistant device includes a first encryption unit for encrypting information corresponding to a request from the server device in accordance with key information managed by the server tamper-resistant device and by the client tamper-resistant device and generating a first encryption signal; and a first decryption unit for decrypting a second encryption signal encrypted by the client tamper-resistant device in accordance with the key information. The server device includes a first communication unit for performing communication with the client device, the communication not requiring encryption based on the key information; a requesting unit for requesting the server tamper-resistant device for encryption based on the key information when the server device performs communication with the client device, the communication requiring encryption based on the key information; and a processing unit for performing processing corresponding to a signal decrypted by the decryption unit of the server tamper-resistant device. The client device includes a second communication unit for performing communication with the server device, the communication not requiring encryption based on the key information. The client tamper-resistant device includes a second decryption unit for decrypting the first encryption signal encrypted by the first encryption unit of the server tamper-resistant device; and a second encryption unit for encrypting information corresponding to a decryption result of the first encryption signal in accordance with the key information and generating a second encryption signal.
  • According to the present invention, a server tamper-resistant device can perform encryption processing at a command level, and processing can be instructed to a client tamper-resistant device safely and flexibly.
    • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 shows an example of the structure of a content providing system according to the present invention;
  • FIG. 2 is a block diagram showing an example of the structure of a cellular telephone shown in FIG. 1;
  • FIG. 3 is a block diagram showing an example of the functional structure of the cellular telephone shown in FIG. 1;
  • FIG. 4 is a block diagram showing an example of the structure of a content server shown in FIG. 1;
  • FIG. 5 is a block diagram showing an example of the functional structure of the content server shown in FIG. 1;
  • FIG. 6 is a flowchart showing a process performed by the content providing system shown in FIG. 1;
  • FIG. 7 is a flowchart showing another process performed by the content providing system shown in FIG. 1;
  • FIG. 8 is a flowchart showing another process performed by the content providing system shown in FIG. 1;
  • FIG. 9 is a flowchart showing another process performed by the content providing system shown in FIG. 1;
  • FIG. 10 shows another example of the structure of the content providing system according to the preset invention; and
  • FIG. 11 shows another example of the structure of the content providing system according to the present invention.
    • DESCRIPTION OF THE PREFERRED EMBODIMENTS
  • According to an aspect of the present invention, a server apparatus in an information processing system, the server apparatus communicating with a client apparatus including a client device and a client tamper-resistant device, includes a server tamper-resistant device and a server device. The server tamper-resistant device includes an encryption unit (for example, a secure application module (SAM) 7 in FIG. 1 for performing processing in step S51 in FIG. 6) for encrypting information corresponding to a request from the server device in accordance with key information managed by the server tamper-resistant device and by the client tamper-resistant device and generating a first encryption signal; and a decryption unit (for example, the SAM 7 in FIG. 1 for performing processing in step S53 in FIG. 6) for decrypting a second encryption signal encrypted by the client tamper-resistant device in accordance with the key information. The server device includes a communication unit (for example, a hypertext transfer protocol (HTTP) server 181 in FIG. 5) for performing communication with the client device, the communication not requiring encryption based on the key information; a requesting unit (for example, an application program 183 in FIG. 5 for performing processing in step S31 in FIG. 6) for requesting the server tamper-resistant device for encryption based on the key information when the server device performs communication with the client device, the communication requiring encryption based on the key information; and a processing unit (for example, the application program 183 in FIG. 5 for performing processing in step S40 in FIG. 6) for performing processing corresponding to a signal decrypted by the decryption unit of the server tamper-resistant device.
  • The requesting unit of the server device can send a predetermined request to the server tamper-resistant device in accordance with a set order. The encryption unit of the server tamper-resistant device can generate one or more commands in accordance with the request from the requesting unit, and can encrypt the generated commands (for example, step S51 in FIG. 6 or step S181 in FIG. 8).
  • When the encryption unit of the server tamper-resistant device generates a plurality of commands in accordance with the request from the requesting unit and encrypts the plurality of commands, the encrypted plurality of commands can be provided to the client tamper-resistant device in a predetermined order (for example, steps S164 and S165 in FIG. 8).
  • When the encryption unit of the server tamper-resistant device generates a plurality of commands in accordance with the request from the requesting unit and encrypts the plurality of commands, the encrypted plurality of commands can be simultaneously supplied to the client device (for example, step S174 in FIG. 8).
  • The server tamper-resistant device and the server device can be integrated with each other.
  • According to another aspect of the present invention, a client apparatus in an information processing system, the client apparatus communicating with a server apparatus including a server tamper-resistant device and a server device, includes a client device and a client tamper-resistant device. The client device includes a communication unit (for example, a communication controller 91 in FIG. 3) for performing communication with the server device, the communication not requiring encryption based on key information managed by the server tamper-resistant device and by the client tamper-resistant device. The client tamper-resistant device includes a decryption unit (for example, a contactless integrated circuit (IC) card controller 111 in FIG. 3 for performing processing in step S11 in FIG. 6) for decrypting a first encryption signal encrypted by the server tamper-resistant device in accordance with the key information; and an encryption unit (for example, the contactless IC card controller 111 in FIG. 3 for performing processing in step S12 in FIG. 6) for encrypting information corresponding to a decryption result of the first encryption signal in accordance with the key information and generating a second encryption signal.
  • The communication unit of the client device can be a browser.
  • The client tamper-resistant device and the client device can be integrated with each other.
  • The client tamper-resistant device, the client device, and the browser can be integrated with each other.
  • According to another aspect of the present invention, an information processing system includes a server apparatus and a client apparatus. The server apparatus includes a server tamper-resistant device and a server device. The client apparatus includes a client device and a client tamper-resistant device. The server tamper-resistant device includes a first encryption unit (for example, the SAM 7 in FIG. 1 for performing the processing in step S51 in FIG. 6) for encrypting information corresponding to a request from the server device in accordance with key information managed by the server tamper-resistant device and by the client tamper-resistant device and generating a first encryption signal; and a first decryption unit (for example, the SAM 7 in FIG. 1 for performing the processing in step S53 in FIG. 6) for decrypting a second encryption signal encrypted by the client tamper-resistant device in accordance with the key information. The server device includes a first communication unit (for example, the HTTP server 181 in FIG. 5) for performing communication with the client device, the communication not requiring encryption based on the key information; a requesting unit (for example, the application program 183 in FIG. 5 for performing the processing in step S31 in FIG. 6) for requesting the server tamper-resistant device for encryption based on the key information when the server device performs communication with the client device, the communication requiring encryption based on the key information; and a processing unit (for example, the application program 183 in FIG. 5 for performing the processing in step S40 in FIG. 6) for performing processing corresponding to a signal decrypted by the decryption unit of the server tamper-resistant device. The client device includes a second communication unit (for example, the communication controller 91 in FIG. 3) for performing communication with the server device, the communication not requiring encryption based on the key information. The client tamper-resistant device includes a second decryption unit (for example, the contactless IC card controller 111 in FIG. 3 for performing the processing in step S11 in FIG. 6) for decrypting the first encryption signal encrypted by the first encryption unit of the server tamper-resistant device; and a second encryption unit (for example, the contactless IC card controller 111 in FIG. 3 for performing the processing in step S12 in FIG. 6) for encrypting information corresponding to a decryption result of the first encryption signal in accordance with the key information and generating a second encryption signal.
  • FIG. 1 shows an example of the structure of a content providing system according to the present invention.
  • A cellular telephone 1 functions as a client device of the content providing system. The cellular telephone 1 includes a contactless IC card reader/writer chip 2 (hereinafter, referred to as an IC card chip 2) that implements both a function as a contactless IC card for an external reader/writer and a function as a reader/writer for an external contactless IC card.
  • In other words, the cellular telephone 1 (more specifically, the IC card chip 2) provides information, such as a credit card number and an expiration date, stored in a memory of the IC card chip 2 to a reader/writer by using the function of a contactless IC card. Also, the cellular telephone 1 (more specifically, the IC card chip 2) performs contactless communication with an external contactless IC card to read various types of information stored in a memory of the external contactless IC card and to write information to the external contactless IC card.
  • In other words, a user uses the cellular telephone 1 as a so-called “child card” of the user's credit card. Thus, the user can make a payment for a purchased item or a contract service by using the cellular telephone 1.
  • The cellular telephone 1 is capable of communicating with other telephones via a base station 3 and is capable of directly accessing a content server 5 via the base station 3 and a network (for example, the Internet) 4. Thus, the user can purchase items and the like from the content server 5 (or a shopping site) by sending an ID and money information set in the IC card chip 2 to the content server 5.
  • For example, the IC card chip 2 performs payment processing in response to item purchase in accordance with a command generated and encrypted by a secure application module (SAM) 7. The IC card chip 2 decrypts an encrypted command, and reads information (for example, card information including a card number, an expiration date, a user's name, and a balance) corresponding to the command. The IC card chip 2 appropriately encrypts the read information in accordance with key information managed together with the SAM 7, and supplies the encrypted information to the SAM 7 via the cellular telephone 1.
  • The IC card chip 2 performs short-distance communication with an external reader/writer via an antenna included in the IC card chip 2.
  • In other words, the IC card chip 2 functions as a tamper-resistant device for the client device (the cellular telephone 1) in this system. Although information encrypted by the IC card chip 2 is supplied to the SAM 7 via the cellular telephone 1 to a network 6, the encrypted information may be supplied to the SAM 7 via some parts of the cellular telephone 1 to the network 6 or supplied directly to the SAM 7.
  • The content server 5 uses an ID of the IC card chip 2 and the user's card information, which are registered in advance in association with each other, to send, for example, card information, money information, and the like corresponding to the ID sent from the cellular telephone 1 to a card company (not shown), so that billing processing is performed.
  • The SAM 7 is connected to the content server 5 via the network 6. The SAM 7 generates an authentication command for controlling the IC card chip 2, a read command for reading information stored in a memory of the IC card chip 2, and a write command for writing information into the memory, in accordance with requests from the content server 5. The SAM 7 appropriately encrypts the generated commands in accordance with key information managed together with the IC card chip 2, and supplies the encrypted commands to the IC card chip 2 via the content server 5.
  • In other words, the SAM 7 functions as a tamper-resistant device for the server device (the content server 5). Although information encrypted by the SAM 7 is supplied to the IC card chip 2 via the cellular telephone 1 to the network 6, the encrypted information may be supplied to the IC card chip 2 via some parts of the cellular telephone 1 to the network 6 or supplied directly to the IC card chip 2.
  • FIG. 2 is a block diagram showing an example of the structure of the cellular telephone 1 shown in FIG. 1.
  • A central processing unit (CPU) 68 loads a control program stored in a read-only memory (ROM) 69 into a random-access memory (RAM) 70, and controls the entire operation of the cellular telephone 1 in accordance with the control program.
  • For example, the CPU 68 controls a digital signal processor (DSP) 64 in accordance with a user instruction, and transfers various types of information, such as voice information, to and from the base station 3. Also, the CPU 68 controls the IC card chip 2 to perform, for example, short-distance radio communication with an adjacent reader/writer (not shown) by using electromagnetic induction.
  • When receiving voice information supplied from the DSP 64, a sending unit 62 performs predetermined processing, such as digital-to-analog conversion and frequency conversion, and sends an obtained voice signal from an antenna 61 using a radio channel having a predetermined sending carrier frequency selected by the base station 3.
  • For example, in a voice conversation mode, a receiving unit 63 amplifies an RF signal received at the antenna 61 to perform predetermined processing, such as frequency conversion and analog-to-digital conversion, and outputs obtained voice information to the DSP 64.
  • The DSP 64 performs, for example, spectrum de-spreading on voice information supplied from the receiving unit 63, and outputs the obtained data to a voice-processing unit 65. Also, the DSP 64 performs spectrum spreading on voice information supplied from the voice-processing unit 65, and outputs the obtained data to the sending unit 62.
  • The voice-processing unit 65 converts the user's voices collected at a microphone 67 into voice information, and outputs the voice information to the DSP 64. Also, the voice-processing unit 65 converts voice information supplied from the DSP 64 into an analog voice signal, and outputs a corresponding voice signal from a speaker 66.
  • A display unit 71 includes a liquid crystal display (LCD). In accordance with information supplied from the CPU 68, the display unit 71 displays a corresponding screen. An input unit 72 detects the user's input using buttons, such as a numeric keypad, a talk button, or a power button, arranged on a surface of the cellular telephone 1, and outputs a corresponding signal to the CPU 68.
  • FIG. 3 is a block diagram showing an example of the functional structure of the cellular telephone 1 and the IC card chip 2.
  • A function section 81 is realized by executing a predetermined program on the CPU 68.
  • A communication controller 91 controls the sending unit 62 and the receiving unit 63, and controls hypertext transfer protocol (HTTP) communication using the secure sockets layer (SSL) performed via the base station 3 and the network 4.
  • A secure client 92 is realized by executing a mobile credit application provided by a card information management company (or downloaded from a server managed by a card information management company). The secure client 92 controls communication with a secure server 182 (in FIG. 5) of the content server 5 in accordance with a predetermined protocol based on HTTP communication performed by the communication controller 91. More specifically, the secure client 92 receives an encrypted command sent from the SAM 7, supplies the encrypted command to the IC card chip 2, and sends information encrypted by the IC card chip 2 to the SAM 7 via the content server 5.
  • A display controller 93 is realized by performing a predetermined display program. The display controller 93 controls the display of the display unit 71. For example, the display controller 93 displays a usage history of the card information.
  • A chip control section 101 is realized by executing a predetermined program on a CPU (not shown) of the IC card chip 2.
  • A contactless IC card controller 111 implements a contactless IC card function. For example, the contactless IC card controller 111 interprets requests, received via a communication controller 114, from an external reader/writer or commands from the SAM 7, and controls a memory manager 113 and the communication controller 114.
  • A reader/writer controller 112 implements a contactless IC card reader/writer function, and manages data stored in an external contactless IC card by controlling the communication controller 114.
  • The memory manager 113 reads information stored in a memory 102 to supply the information to the contactless IC card controller 111, and controls writing of the information to a predetermined area of the memory 102.
  • The communication controller 114 controls a load of the antenna 103 in accordance with an instruction from the contactless IC card controller 111 or the reader/writer controller 112, and controls short-distance communication with an external reader/writer.
  • FIG. 4 is a block diagram showing an example of the structure of the content server 5 shown in FIG. 1.
  • A CPU 141 performs various types of processing in accordance with a program stored in a ROM 142 or a program loaded from a storage unit 148 into a RAM 143. The RAM 143 also appropriately stores data and the like necessary for performing various types of processing by the CPU 141.
  • The CPU 141, the ROM 142, and the RAM 143 are connected to each other via a bus 144. The bus 144 is also connected to an input/output interface 145.
  • The input/output interface 145 is connected to an input unit 146 including a numeric keypad, used when money information is input, and a bar code reader; an output unit including a display, such as an LCD; a storage unit 148 including a hard disk; and a communication unit 149 performing communication via the networks 4 and 6.
  • A drive 151 is connected to the input/output interface 145 as necessary, so that a magnetic disk 152, an optical disk 153, a magnetic optical disk 154, or a semiconductor memory 155 is appropriately installed. A computer program read via the drive 151 is installed in the storage unit 148 as necessary.
  • FIG. 5 shows an example of the functional structure of the part of the content server 5 relating to the present invention.
  • A communication controller 171 is realized by executing a predetermined program on the CPU 141. An HTTP server 181 establishes HTTP communication, using SSL, with the cellular telephone 1 to transfer various types of information. For example, the HTTP server 181 refers to information stored in a database 172, and performs user authentication in accordance with a password and an ID sent from the cellular telephone 1.
  • A secure server 182 performs communication with the secure client 92 realized in the cellular telephone 1 in accordance with a predetermined protocol based on HTTP communication. After the secure server 182 establishes communication, the SAM 7 can read and write information from and to the IC card chip 2.
  • An application program 183 is a program built by an administrator of the content server 5, and requires the SAM 7 to generate a command.
  • Information on a credit service that is subscribed to by the user and that is reported from a server or the like of a card company is stored in the database 172. For example, information, such as a card number and an expiration date, of a credit card issued by a credit service subscribed to by the user of the cellular telephone 1 is registered in the database 172 so as to be associated with a password and an ID.
  • A process performed by the content providing system shown in FIG. 1 having the above-mentioned structure will now be described with reference to a flowchart shown in FIG. 6.
  • In step S21, the communication controller 91 of the cellular telephone 1 sends a signal indicating an item (an item to be purchased) designated by a user operation on a screen of a shopping site displayed on the display unit and the price of the item to the content server 5 via the base station 3 and the network 4 in accordance with HTTP communication using SSL. Here, although processing in step S21 is the first processing in order to simplify the explanation, processing for displaying the screen of the shopping site on the display unit 71 of the cellular telephone 1 and processing for urging a user to designate a desired item are actually performed in the previous stage between the cellular telephone 1 and the content server 5.
  • After receiving the signal indicating the item and price sent from the cellular telephone 1, the application program 183 of the content server 5 requires the SAM 7 to read a balance of the IC card chip 2 in step S31.
  • After receiving the request to read the balance of the IC card chip 2 from the content server 5, the SAM 7 generates and encrypts a read command in step S51. Then, in step S52, the SAM 7 sends the encrypted read command to the content server 5 via the network 6.
  • In step S32, the secure server 182 of the content server 5 sends the encrypted read command received from the SAM 7 to the cellular telephone 1. In step S22, the secure client 92 of the cellular telephone 1 supplies the encrypted read command to the IC card chip 2.
  • In step S11, the contactless IC card controller 111 of the IC card chip 2 decrypts the encrypted read command supplied from the cellular telephone 1. As a result of decryption, in step S12, the contactless IC card controller 111 controls the memory manager 113 to read the balance from the memory 102, and encrypts the balance. In step S13, the contactless IC card controller 111 supplies a signal indicating the encrypted balance to the cellular telephone 1.
  • In step S23, the secure client 92 of the cellular telephone 1 sends the signal indicating the encrypted balance received from the IC card chip 2 to the content server 5. In step S33, the secure server 182 of the content server 5 sends the signal indicating the encrypted balance to the SAM 7.
  • After receiving the signal indicating the encrypted balance sent from the content server 5, the SAM 7 decrypts the signal indicating the encrypted balance in step S53. Then, in step S54, the SAM 7 sends a signal indicating the decrypted balance to the content server 5.
  • After receiving the signal indicating the balance sent from the SAM 7, the secure server 182 of the content server 5 compares the balance indicated by the signal and the price of the item to be purchased, and determines whether or not the balance is larger than or equal to the price (that is, whether the balance is sufficient to purchase the item) in step S34. Here, it is assumed that a sufficient balance is left. Then, in step S35, the secure server 182 of the content server 5 requires the cellular telephone 1 to confirm the purchase.
  • After receiving the request to confirm the purchase from the content server 5, the display controller 93 of the cellular telephone 1 urges the user to confirm purchase of the item by, for example, displaying the request on the display unit 71 in step S24. Here, it is assumed that a predetermined operation is performed on the display and the purchase is confirmed. In step S25, the communication controller 91 sends a signal indicating that the purchase is confirmed (purchase confirmed signal) to the content server 5.
  • After receiving the purchase confirmed signal sent from the cellular telephone 1, the secure server 182 of the content server 5 subtracts the price (amount of payment) from the balance in step S36. Then, in step S37, the application program 183 requires the SAM 7 to write a subtracted balance (update the balance).
  • After receiving the write request from the content server 5, the SAM 7 generates and encrypts a write command in step S55. Then, in step S56, the SAM 7 sends the encrypted write command to the content server 5.
  • In step S38, the secure server 182 of the content server 5 sends the encrypted write command sent from the SAM 7 to the cellular telephone 1. In step S26, the secure client 92 of the cellular telephone 1 supplies the encrypted write command to the IC card chip 2.
  • After receiving the encrypted write command from the cellular telephone 1, the contactless IC card controller 111 of the IC card chip 2 decrypts the encrypted write command in step S14. Then, in step S15, as a decryption result, the contactless IC card controller 111 of the IC card chip 2 controls the memory manager 113 to change the balance stored in the memory 102 (overwrites with a new balance).
  • Then, in step S16, the contactless IC card controller 111 of the IC card chip 2 sends an encrypted signal indicating that the writing is completed (a write-complete signal) to the cellular telephone 1. The encrypted write-complete signal sent from the IC card chip 2 to the cellular telephone 1 is sent to the SAM 7 via the cellular telephone 1 (step S27) and the content server 5 (step S39).
  • In step S57, the SAM 7 decrypts the encrypted write-complete signal sent from the content server 5. In step S58, the SAM 7 sends the write-complete signal to the content server 5.
  • Accordingly, in step S40, the content server 5 performs predetermined processing, such as reporting that a payment is completed to the cellular telephone 1.
  • As described above, the application program 183 of the content server 5 requires generation of commands one by one, and the SAM 7 generates and encrypts a command in accordance with the request. Thus, the application program 183 of the content server 5 can control the IC card chip 2 at a command level. In other words, an administrator of the content server 5 is able to set a desired command to be sent to the IC card chip 2 in a predetermined order using the application program 183. Thus, a service can be freely configured.
  • Although an example in which the SAM 7 generates a command every time the content server 5 (more specifically, the application program 183) requires generation of a command has been explained, the SAM 7 may generate a plurality of commands in response to a request from the content server 5.
  • A process performed by the content providing system when the SAM 7 generates a plurality of commands in response to a request from the content server 5 will now be described with reference to a flowchart shown in FIG. 7.
  • In step S71, the communication controller 91 of the cellular telephone 1 sends, for example, a signal indicating an item (an item to be purchased) designated by a user operation on a screen of a shopping site displayed on the display unit 71 and indicating the price of the item to the content server 5 via the base station 3 and the network 4, as in step S21 in FIG. 6.
  • After receiving the signal indicating the item and price sent from the cellular telephone 1, the secure server 182 of the content server 5 reads the item indicated by the signal from the database,172 in step S81, and sends the item to the cellular telephone 1 in step S82. In step S72, the communication controller 91 of the cellular telephone 1 receives the item sent from the content server 5.
  • Then, in step S83, the application program 183 of the content server 5 requires the SAM 7 to update the balance of the IC card chip 2.
  • After receiving the request to update the balance of the IC card chip 2 from the content server 5, the SAM 7 generates and encrypts a read command in step S101. Then, in step S102, the SAM 7 sends the encrypted read command to the content server 5 via the network 6.
  • In step S84, the secure server 182 of the content server 5 sends the encrypted read command sent from the SAM 7 to the cellular telephone 1. In step S73, the secure client 92 of the cellular telephone 1 supplies the encrypted read command to the IC card chip 2.
  • In step S61, the contactless IC card controller 111 of the IC card chip 2 decrypts the encrypted read command supplied from the cellular telephone 1. As a result of the decryption, in step S62, the contactless IC card controller 111 of the IC card chip 2 controls the memory manager 113 to read the balance from the memory 102, and encrypts the balance. In step S63, the contactless IC card controller 111 supplies a signal indicating the encrypted balance to the cellular telephone 1.
  • In step S74, the secure client 92 of the cellular telephone 1 sends the signal indicating the encrypted balance sent from the IC card chip 2 to the content server 5. In step S85, the secure server 182 of the content server 5 sends the signal indicating the encrypted balance to the SAM 7.
  • After receiving the signal indicating the encrypted balance sent from the content server 5, the SAM 7 decrypts the signal in step S103. Then, in step S104, the SAM 7 sends a signal indicating the decrypted balance to the content server 5.
  • After receiving the signal indicating the balance sent from the SAM 7, the secure server 182 of the content server 5 subtracts the price for purchase (payment) from the balance in step S86. Then, in step S87, the secure server 182 of the content server 5 sends a balance obtained by the subtraction to the SAM 7.
  • After receiving the balance from the content server 5, the SAM 7 generates and encrypts a write command in step S105. Then, in step S106, the SAM 7 sends the encrypted write command to the content server 5.
  • In the subsequent steps S107 to S108, steps S88 to S90, steps S75 to S76, and steps S64 to S66, processing similar to that in steps S57 to S58, steps S38 to S40, steps S26 to S27, and steps S14 to S16 in FIG. 6 is performed. Thus, explanations for these steps are omitted here.
  • Accordingly, in response to a request from the content server 5 (step S83), a plurality of commands (read command (step S101) and a write command (step S105)) is generated.
  • Although an example in which each command generated by the SAM 7 is sent to the IC card chip 2 has been described, a plurality of commands may be sent at the same time. A process performed in a case where a plurality of commands is sent simultaneously is described next with reference to a flowchart shown in FIG. 8.
  • In steps S161 to S162 and steps S171 to S173, processing similar to that in steps S71 to S72 and steps S81 to S83 in FIG. 7 is performed. Thus, explanations for these steps are omitted here.
  • After receiving a request to update the balance of the IC card chip 2 from the content server 5, the SAM 7 generates and encrypts a read command and a write command in step S181. Then, in step S182, the SAM 7 sends the read command and the write command to the content server 5 via the network 6.
  • In step S174, the secure server 182 of the content server 5 sends the encrypted read and write commands sent from the SAM 7 to the cellular telephone 1. In step S163, the secure client 92 of the cellular telephone 1 receives the encrypted read and write commands.
  • In step S164, the secure client 92 of the cellular telephone 1 supplies the encrypted read command to the IC card chip 2.
  • In step S151, the contactless IC card controller 111 of the IC card chip 2 decrypts the encrypted read command supplied from the cellular telephone 1. As a result of the decryption, in step S152, the contactless IC card controller 111 of the IC card chip 2 controls the memory manager 113 to read the balance from the memory 102, and encrypts the balance. In step S153, the contactless IC card controller 111 supplies a signal indicating the encrypted balance to the cellular telephone 1.
  • After receiving the signal indicating the encrypted balance sent from the IC card chip 2, the secure client 92 of the cellular telephone 1 sends the encrypted write command to the IC card chip 2 in step S165.
  • In step S154, the contactless IC card controller 111 of the IC card chip 2 decrypts the encrypted write command supplied from the cellular telephone 1. As a result of the decryption, in step S155, the contactless IC card controller 111 of the IC card chip 2 controls the memory manager 113 to change the balance stored in the memory 102 (to overwrite with a new balance).
  • In the subsequent steps S156, S166, S175, S176, S183, and S184, processing similar to that in steps S66, S76, S89, S90, S107, and S108 in FIG. 7 is performed. Thus, explanations for these steps are omitted here.
  • Although a case where the IC card chip 2 is controlled in accordance with an encrypted command has been described, a case where the IC card chip 2 is controlled in accordance with a non-encrypted command, together with an encrypted command, is described next with reference to FIG. 9.
  • In steps S211 to S212, steps S221 to S223, and steps S231 to S232, processing similar to that in steps S71 to S72, steps S81 to S83, and steps S101 to S102 in FIG. 7 is performed. Thus, explanations for these steps are omitted here.
  • In step S224, the secure server 182 of the content server 5 sends encrypted read and write commands sent from the SAM 7 and a command (a non-encrypted command) for generating a predetermined sound when billing is completed (hereinafter, referred to as a playback sound command) to the cellular telephone 1. In step S213, the cellular telephone 1 receives the encrypted read and write commands and the playback sound command.
  • In step S214, the secure client 92 of the cellular telephone 1 supplies the encrypted read command to the IC card chip 2.
  • In steps S201 to S206, processing similar to that in steps S61 to S66 in FIG. 7 is performed. Thus, explanations for these steps are omitted here.
  • After receiving an encrypted write-complete signal sent from the IC card chip 2, the CPU 68 of the cellular telephone 1 controls the DSP 64 to output a sound corresponding to the playback sound command from the speaker 66 in step S216.
  • In steps S217, S225, S226, S233, and S234, processing similar to that in steps S76, S89, S90, S107, and S108 in FIG. 7 is performed. Thus, explanations for these steps are omitted here.
  • Although an example in which the IC card chip 2 is incorporated in the cellular telephone 1 has been explained with reference to FIG. 1, a personal computer 202 connected to a reader/writer 201 may be used, as shown in FIG. 10. By enabling communication between the IC card chip 2 and the personal computer 202 by installing the IC card chip 2 in the reader/writer 201, a server side is capable of controlling the IC card chip 2 via the reader/writer 201 and the personal computer 202, as described above.
  • In this case, the personal computer 202 may include a browser. Communication of data other than encrypted information may be performed using the browser.
  • Also, in a case where many IC cards are used, a content providing system may include a plurality of content servers 5-1, 5-2, and so on; a plurality of SAMs 7-1, 7-2, and so on; a load distributor 252 distributing communication to the corresponding content servers 5-1, 5-2, and so on in accordance with a load of the corresponding content servers 5-1, 5-2, and so on; a load distributor 253 distributing communication in accordance with a load of the corresponding SAMs 7-1, 7-2, and so on; a firewall 251; and the like.
  • In the above description, an IC card means a contactless IC card containing an IC chip including a radio communication unit, a data transfer unit, and a data processing unit, a contact IC card having a terminal on a surface thereof, or an apparatus including an IC chip contained in an information communication terminal, such as a cellular telephone, the IC chip having a function similar to a contact or contactless IC card.
  • As described above, the present invention has been described with reference to particular embodiments. However, it is obvious that modifications and substitutions may be made to the present invention by those skilled in the art without departing from the spirit and scope thereof. In other words, the present invention is disclosed by way of an example and the present invention should not be understood in a limited way. In order to determine the summary of the present invention, the claims should be referred to.
  • This application claims priority from Japanese Patent Application No. 2004-4756 filed Jan. 9, 2004, which is hereby incorporated by reference herein.

Claims (10)

1. A server apparatus in an information processing system, the server apparatus communicating with a client apparatus including a client device and a client tamper-resistant device, the server apparatus comprising:
a server tamper-resistant device; and
a server device, wherein:
the server tamper-resistant device includes: encryption means for encrypting information corresponding to a request from the server device in accordance with key information managed by the server tamper-resistant device and by the client tamper-resistant device and generating a first encryption signal; and decryption means for decrypting a second encryption signal encrypted by the client tamper-resistant device in accordance with the key information; and
the server device includes: communication means for performing communication with the client device, the communication not requiring encryption based on the key information; requesting means for requesting the server tamper-resistant device for encryption based on the key information when the server device performs communication with the client device, the communication requiring encryption based on the key information; and processing means for performing processing corresponding to a signal decrypted by the decryption means of the server tamper-resistant device.
2. The server apparatus according to claim 1, wherein:
the requesting means of the server device sends a predetermined request to the server tamper-resistant device in accordance with a set order; and
the encryption means of the server tamper-resistant device generates one or more commands in accordance with the request from the requesting means, and encrypts the generated commands.
3. The server apparatus according to claim 2, wherein, when the encryption means of the server tamper-resistant device generates a plurality of commands in accordance with the request from the requesting means and encrypts the plurality of commands, the encrypted plurality of commands is provided to the client tamper-resistant device in a predetermined order.
4. The server apparatus according to claim 2, wherein, when the encryption means of the server tamper-resistant device generates a plurality of commands in accordance with the request from the requesting means and encrypts the plurality of commands, the encrypted plurality of commands is simultaneously supplied to the client device.
5. The server apparatus according to claim 1, wherein the server tamper-resistant device and the server device are integrated with each other.
6. A client apparatus in an information processing system, the client apparatus communicating with a server apparatus including a server tamper-resistant device and a server device, the client apparatus comprising:
a client device; and
a client tamper-resistant device, wherein:
the client device includes communication means for performing communication with the server device, the communication not requiring encryption based on key information managed by the server tamper-resistant device and by the client tamper-resistant device; and
the client tamper-resistant device includes: decryption means for decrypting a first encryption signal encrypted by the server tamper-resistant device in accordance with the key information; and encryption means for encrypting information corresponding to a decryption result of the first encryption signal in accordance with the key information and generating a second encryption signal.
7. The client apparatus according to claim 6, wherein the communication means of the client device is a browser.
8. The client apparatus according to claim 6, wherein the client tamper-resistant device and the client device are integrated with each other.
9. The client apparatus according to claim 7, wherein the client tamper-resistant device, the client device, and the browser are integrated with each other.
10. An information processing system comprising:
a server apparatus; and
a client apparatus, wherein:
the server apparatus includes a server tamper-resistant device and a server device;
the client apparatus includes a client device and a client tamper-resistant device;
the server tamper-resistant device includes: first encryption means for encrypting information corresponding to a request from the server device in accordance with key information managed by the server tamper-resistant device and by the client tamper-resistant device and generating a first encryption signal; and first decryption means for decrypting a second encryption signal encrypted by the client tamper-resistant device in accordance with the key information;
the server device includes: first communication means for performing communication with the client device, the communication not requiring encryption based on the key information; requesting means for requesting the server tamper-resistant device for encryption based on the key information when the server device performs communication with the client device, the communication requiring encryption based on the key information; and processing means for performing processing corresponding to a signal decrypted by the decryption means of the server tamper-resistant device;
the client device includes second communication means for performing communication with the server device, the communication not requiring encryption based on the key information; and
the client tamper-resistant device includes: second decryption means for decrypting the first encryption signal encrypted by the first encryption means of the server tamper-resistant device; and second encryption means for encrypting information corresponding to a decryption result of the first encryption signal in accordance with the key information and generating a second encryption signal.
US11/017,939 2004-01-09 2004-12-22 Information processing system for controlling integrated circuit cards at a command level Active 2027-05-13 US7620822B2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
JP2004004756A JP2005198205A (en) 2004-01-09 2004-01-09 Information processing system
JP2004-004756 2004-01-09

Publications (2)

Publication Number Publication Date
US20050182926A1 true US20050182926A1 (en) 2005-08-18
US7620822B2 US7620822B2 (en) 2009-11-17

Family

ID=34819276

Family Applications (1)

Application Number Title Priority Date Filing Date
US11/017,939 Active 2027-05-13 US7620822B2 (en) 2004-01-09 2004-12-22 Information processing system for controlling integrated circuit cards at a command level

Country Status (5)

Country Link
US (1) US7620822B2 (en)
JP (1) JP2005198205A (en)
CN (2) CN101561856B (en)
HK (1) HK1075150A1 (en)
SG (1) SG113553A1 (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080005589A1 (en) * 2006-06-29 2008-01-03 Megachips Corporation Information processing terminal and content writing system
US20080059976A1 (en) * 2006-08-31 2008-03-06 Sony Corporation Communication device, communication method, and program
US20090069050A1 (en) * 2007-09-12 2009-03-12 Devicefidelity, Inc. Updating mobile devices with additional elements
US20100012721A1 (en) * 2007-09-12 2010-01-21 Devicefidelity, Inc. Switching Between Internal and External Antennas
US20110029779A1 (en) * 2009-07-29 2011-02-03 Felica Networks, Inc. Information processing apparatus, program, storage medium and information processing system
US8915447B2 (en) 2007-09-12 2014-12-23 Devicefidelity, Inc. Amplifying radio frequency signals
US20150281965A1 (en) * 2014-03-31 2015-10-01 Felica Networks, Inc. Management server, data processing method, and program
US9304555B2 (en) 2007-09-12 2016-04-05 Devicefidelity, Inc. Magnetically coupling radio frequency antennas
US9311766B2 (en) 2007-09-12 2016-04-12 Devicefidelity, Inc. Wireless communicating radio frequency signals
EP2003589B1 (en) * 2007-05-15 2019-01-23 FeliCa Networks, Inc. Authentication information management system, server, method and program
US20200082119A1 (en) * 2018-05-13 2020-03-12 Richard Jay Langley Individual data unit and methods and systems for enhancing the security of user data
US11416841B2 (en) * 2014-07-18 2022-08-16 Tracfone Wireless, Inc. Device and process for purchasing electronic content using multimedia messaging service messaging

Families Citing this family (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2005198205A (en) * 2004-01-09 2005-07-21 Sony Corp Information processing system
JP4852721B2 (en) * 2007-01-25 2012-01-11 日本電産サンキョー株式会社 Card reader and control method thereof
JP4360417B2 (en) * 2007-04-13 2009-11-11 フェリカネットワークス株式会社 Information providing system, information processing server, providing server, communication apparatus, program, and information providing method
CN101324942A (en) * 2007-06-13 2008-12-17 阿里巴巴集团控股有限公司 Payment system and method performing trade by identification card including IC card
JP2009163392A (en) * 2007-12-28 2009-07-23 Systex Corp System and method for improving safety of account information in virtual channel transaction
KR101644568B1 (en) 2015-10-15 2016-08-12 주식회사 한국엔에프씨 Mobile card payment system and method which performs payment between mobile communication terminals
WO2018229818A1 (en) * 2017-06-12 2018-12-20 Quadrac株式会社 Relay device and system
JP6858961B2 (en) * 2017-06-28 2021-04-14 株式会社クリップアウトバーンズ Point payment device
JP6676029B2 (en) * 2017-11-17 2020-04-08 Quadrac株式会社 Relay device and system
US10642970B2 (en) * 2017-12-12 2020-05-05 John Almeida Virus immune computer system and method
WO2020003337A1 (en) * 2018-06-25 2020-01-02 Quadrac株式会社 Server device and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4862501A (en) * 1985-03-08 1989-08-29 Kabushiki Kaisha Toshiba Communications network using IC cards
US6075860A (en) * 1997-02-19 2000-06-13 3Com Corporation Apparatus and method for authentication and encryption of a remote terminal over a wireless link
US20020077993A1 (en) * 2000-12-18 2002-06-20 Nokia Corporation Method and system for conducting wireless payments
US6845367B2 (en) * 1999-12-23 2005-01-18 International Business Machines Corporation Process and device for internet payments by means of security modules

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH06216896A (en) * 1993-01-20 1994-08-05 N T T Data Tsushin Kk Data processing system using ic card
US5461217A (en) * 1994-02-08 1995-10-24 At&T Ipm Corp. Secure money transfer techniques using smart cards
JP3925975B2 (en) * 1997-02-13 2007-06-06 大日本印刷株式会社 IC card processing method in network system
JPH11167664A (en) * 1997-12-04 1999-06-22 Nippon Conlux Co Ltd Settlement method and system using ic card
JPH11296602A (en) * 1998-04-08 1999-10-29 Hitachi Ltd Ic card storing unit for storage of electronic money and management method for the unit
FI990616A0 (en) 1999-03-18 1999-03-18 Sonera Oy Data transmission method and systems
JP2000353216A (en) * 1999-06-11 2000-12-19 Ntt Data Corp Ic card system and ic card terminal and ic card processing method and recording medium
CN1122930C (en) * 2000-05-11 2003-10-01 英业达集团(南京)电子技术有限公司 Enciphering and deciphering method via telephone and IC card
JP2002055961A (en) * 2000-08-14 2002-02-20 Matsushita Electric Ind Co Ltd Ic card device and proxy device, and card terminal device
JP4681724B2 (en) * 2000-10-17 2011-05-11 株式会社ジェーシービー Electronic money charge system
GB2374192B (en) 2001-04-06 2005-05-18 Freedom Card Ltd Payment system
FR2826212B1 (en) 2001-06-15 2004-11-19 Gemplus Card Int METHOD FOR REMOTELY LOADING AN ENCRYPTION KEY IN A STATION OF A TELECOMMUNICATION NETWORK
JP3783622B2 (en) * 2001-12-25 2006-06-07 日本電信電話株式会社 IC card remote communication method and system
JP3754004B2 (en) * 2002-05-20 2006-03-08 システムニーズ株式会社 Data update method
CN1659566B (en) * 2002-06-10 2010-10-20 坂村健 Electronic money transfer device equipped with non-contact IC interface
JP2004015665A (en) * 2002-06-10 2004-01-15 Takeshi Sakamura Authentication method and ic card in electronic ticket distribution system
JP2005198205A (en) * 2004-01-09 2005-07-21 Sony Corp Information processing system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4862501A (en) * 1985-03-08 1989-08-29 Kabushiki Kaisha Toshiba Communications network using IC cards
US6075860A (en) * 1997-02-19 2000-06-13 3Com Corporation Apparatus and method for authentication and encryption of a remote terminal over a wireless link
US6845367B2 (en) * 1999-12-23 2005-01-18 International Business Machines Corporation Process and device for internet payments by means of security modules
US20020077993A1 (en) * 2000-12-18 2002-06-20 Nokia Corporation Method and system for conducting wireless payments

Cited By (52)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080005589A1 (en) * 2006-06-29 2008-01-03 Megachips Corporation Information processing terminal and content writing system
US9092648B2 (en) * 2006-06-29 2015-07-28 Megachips Corporation Information processing terminal and content writing system
US8886121B2 (en) * 2006-08-31 2014-11-11 Sony Corporation Communication device, commnunication method, and program
US20130093574A1 (en) * 2006-08-31 2013-04-18 Sony Corporation Communication device, commnunication method, and program
US8351857B2 (en) * 2006-08-31 2013-01-08 Sony Corporation Communication device, communication method, and program
US20080059976A1 (en) * 2006-08-31 2008-03-06 Sony Corporation Communication device, communication method, and program
EP2003589B1 (en) * 2007-05-15 2019-01-23 FeliCa Networks, Inc. Authentication information management system, server, method and program
US20090065572A1 (en) * 2007-09-12 2009-03-12 Devicefidelity, Inc. Wirelessly executing transactions with different enterprises
US9384480B2 (en) 2007-09-12 2016-07-05 Devicefidelity, Inc. Wirelessly executing financial transactions
WO2009036141A1 (en) * 2007-09-12 2009-03-19 Devicefidelity, Inc Interfacing transaction cards with host devices
US8915447B2 (en) 2007-09-12 2014-12-23 Devicefidelity, Inc. Amplifying radio frequency signals
US20100012721A1 (en) * 2007-09-12 2010-01-21 Devicefidelity, Inc. Switching Between Internal and External Antennas
WO2009036191A3 (en) * 2007-09-12 2010-03-11 Devicefidelity, Inc. Wirelessly executing transactions with different enterprises
US7941197B2 (en) 2007-09-12 2011-05-10 Devicefidelity, Inc. Updating mobile devices with additional elements
US7942337B2 (en) 2007-09-12 2011-05-17 Devicefidelity, Inc. Wirelessly executing transactions with different enterprises
US20110136539A1 (en) * 2007-09-12 2011-06-09 Device Fidelity, Inc. Receiving broadcast signals using intelligent covers for mobile devices
US20110215159A1 (en) * 2007-09-12 2011-09-08 Devicefidelity, Inc. Executing transactions secured user credentials
US20090070691A1 (en) * 2007-09-12 2009-03-12 Devicefidelity, Inc. Presenting web pages through mobile host devices
US8109444B2 (en) 2007-09-12 2012-02-07 Devicefidelity, Inc. Selectively switching antennas of transaction cards
US8190221B2 (en) 2007-09-12 2012-05-29 Devicefidelity, Inc. Wirelessly accessing broadband services using intelligent covers
US8341083B1 (en) 2007-09-12 2012-12-25 Devicefidelity, Inc. Wirelessly executing financial transactions
US8380259B2 (en) 2007-09-12 2013-02-19 Devicefidelity, Inc. Wirelessly accessing broadband services using intelligent covers
US8381999B2 (en) 2007-09-12 2013-02-26 Devicefidelity, Inc. Selectively switching antennas of transaction cards
US8430325B2 (en) 2007-09-12 2013-04-30 Devicefidelity, Inc. Executing transactions secured user credentials
US8925827B2 (en) 2007-09-12 2015-01-06 Devicefidelity, Inc. Amplifying radio frequency signals
US8776189B2 (en) 2007-09-12 2014-07-08 Devicefidelity, Inc. Wirelessly accessing broadband services using intelligent cards
US20090069050A1 (en) * 2007-09-12 2009-03-12 Devicefidelity, Inc. Updating mobile devices with additional elements
WO2009036191A2 (en) * 2007-09-12 2009-03-19 Devicefidelity, Inc. Wirelessly executing transactions with different enterprises
US8070057B2 (en) 2007-09-12 2011-12-06 Devicefidelity, Inc. Switching between internal and external antennas
WO2009036357A3 (en) * 2007-09-12 2009-06-18 Devicefidelity Inc Updating mobile devices with additional elements
US9418362B2 (en) 2007-09-12 2016-08-16 Devicefidelity, Inc. Amplifying radio frequency signals
US8548540B2 (en) 2007-09-12 2013-10-01 Devicefidelity, Inc. Executing transactions using mobile-device covers
US9016589B2 (en) 2007-09-12 2015-04-28 Devicefidelity, Inc. Selectively switching antennas of transaction cards
WO2009036264A1 (en) * 2007-09-12 2009-03-19 Devicefidelity, Inc. Wirelessly executing financial transactions
US9106647B2 (en) 2007-09-12 2015-08-11 Devicefidelity, Inc. Executing transactions secured user credentials
US9311766B2 (en) 2007-09-12 2016-04-12 Devicefidelity, Inc. Wireless communicating radio frequency signals
US9152911B2 (en) 2007-09-12 2015-10-06 Devicefidelity, Inc. Switching between internal and external antennas
US9195931B2 (en) 2007-09-12 2015-11-24 Devicefidelity, Inc. Switching between internal and external antennas
US9225718B2 (en) 2007-09-12 2015-12-29 Devicefidelity, Inc. Wirelessly accessing broadband services using intelligent cards
US9304555B2 (en) 2007-09-12 2016-04-05 Devicefidelity, Inc. Magnetically coupling radio frequency antennas
US20110029779A1 (en) * 2009-07-29 2011-02-03 Felica Networks, Inc. Information processing apparatus, program, storage medium and information processing system
US9667426B2 (en) 2009-07-29 2017-05-30 Sony Corporation Information processing apparatus, program, storage medium and information processing system
EP2336962A3 (en) * 2009-07-29 2012-01-25 FeliCa Networks, Inc. Information processing apparatus, program, storage medium and information processing system
US8892889B2 (en) 2009-07-29 2014-11-18 Felica Networks, Inc. Information processing apparatus, program, storage medium and information processing system
US20150281965A1 (en) * 2014-03-31 2015-10-01 Felica Networks, Inc. Management server, data processing method, and program
US9642010B2 (en) * 2014-03-31 2017-05-02 Felica Networks, Inc. Management server, data processing method, and program
US11416841B2 (en) * 2014-07-18 2022-08-16 Tracfone Wireless, Inc. Device and process for purchasing electronic content using multimedia messaging service messaging
US11550950B2 (en) * 2018-05-13 2023-01-10 Richard Jay Langley Individual data unit and methods and systems for enhancing the security of user data
US20200082119A1 (en) * 2018-05-13 2020-03-12 Richard Jay Langley Individual data unit and methods and systems for enhancing the security of user data
US10949566B2 (en) * 2018-05-13 2021-03-16 Richard Jay Langley Individual data unit and methods and systems for enhancing the security of user data
US20210150055A1 (en) * 2018-05-13 2021-05-20 Richard Jay Langley Individual data unit and methods and systems for enhancing the security of user data
US11861042B2 (en) 2018-05-13 2024-01-02 Richard Jay Langley Individual data unit and methods and systems for enhancing the security of user data

Also Published As

Publication number Publication date
CN101561856B (en) 2011-05-18
HK1075150A1 (en) 2005-12-02
CN1638332A (en) 2005-07-13
SG113553A1 (en) 2005-08-29
CN101561856A (en) 2009-10-21
US7620822B2 (en) 2009-11-17
CN100514906C (en) 2009-07-15
JP2005198205A (en) 2005-07-21

Similar Documents

Publication Publication Date Title
US7620822B2 (en) Information processing system for controlling integrated circuit cards at a command level
EP2701416B1 (en) Mobile Electronic Device And Use Thereof For Electronic Transactions
US7882208B2 (en) Information management apparatus, information management method, and program for managing an integrated circuit
EP1033652A2 (en) Method for downloading software from server to terminal
CN100574528C (en) Storage and visit data in mobile device and line module
US7720717B2 (en) Mobile terminal device, mobile terminal method, mobile terminal program, and electronic money server
US20060080322A1 (en) Information processing apparatus, information processing method, and program
JP2006510993A (en) System and method for conducting money transactions
KR100856514B1 (en) System for sevice authentication
JP2006018847A (en) Portable terminal device, portable terminal method, portable terminal program, provision server device, provision server method and provision server program
KR20070021348A (en) System and Method for Operating Electronic Money, Server for Operating Electronic Money, Payment Terminals for Electronic Money, Recording Medium and Information Storing Medium
KR100653638B1 (en) System of providing mobile banking service and method for operating the system
JP4479242B2 (en) Information processing system
JP4704000B2 (en) Communication system and communication method
KR100648709B1 (en) Portable device including smart card integrated circuit chip and method for issuing application by the device
KR100838297B1 (en) Method and Apparatus for House Card using Mobile Communication
JP4516394B2 (en) Information management apparatus and method, and program
TW201347574A (en) System for issuing a plurality of near filed communication membership cards over the air
JP2004349752A (en) Downloading system, downloading method, reproducing system, reproducing method, terminal device, and portable communication terminal
KR20070011951A (en) System and method for operating gift certificate devices for operating gift certificate, mobile terminal, recording medium and information storing medium
KR20030008684A (en) Electronic Cash service apparatus and method using wireless communication network
KR20040036503A (en) PDA terminal and using method thereof
KR100836883B1 (en) Method and Apparatus for Transit Pass Card using Mobile Communication
KR20110003699A (en) Method for identifying voucher person status and recording medium
KR20120040181A (en) Method for operating mobile gift certificate

Legal Events

Date Code Title Description
AS Assignment

Owner name: SONY CORPORATION, JAPAN

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:AKASHIKA, HIDEKI;SUZUKI, TADASHI;MIURA, ATSUSHI;AND OTHERS;REEL/FRAME:016494/0534;SIGNING DATES FROM 20050412 TO 20050415

STCF Information on status: patent grant

Free format text: PATENTED CASE

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

FPAY Fee payment

Year of fee payment: 4

FPAY Fee payment

Year of fee payment: 8

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 12